✨ new talos cluster

kubernetes/flux/flux-cluster.yaml

@@ -0,0 +1,97 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: home-ops
+  namespace: flux-system
+spec:
+  interval: 30m
+  # https://github.com/k8s-at-home/template-cluster-k3s/issues/324
+  url: ssh://git@github.com/auricom/home-ops
+  ref:
+    branch: main
+  secretRef:
+    name: github-deploy-key
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: flux-cluster
+  namespace: flux-system
+spec:
+  interval: 30m
+  path: ./kubernetes/flux
+  prune: true
+  wait: false
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: base
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./kubernetes/base
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: core
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: base
+  path: ./kubernetes/cluster-0/core
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: apps
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  dependsOn:
+    - name: core
+  path: ./kubernetes/cluster-0/apps
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets

kubernetes/flux/flux-installation.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: flux-installation
+  namespace: flux-system
+spec:
+  interval: 30m
+  ref:
+    # renovate: datasource=github-releases depName=fluxcd/flux2
+    tag: "v0.36.0"
+  url: https://github.com/fluxcd/flux2
+  ignore: |
+    # exclude all
+    /*
+    # path to manifests
+    !/manifests
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: flux-installation
+  namespace: flux-system
+spec:
+  interval: 30m
+  path: ./manifests/install
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-installation
+  patches:
+    - target:
+        group: networking.k8s.io
+        version: v1
+        kind: NetworkPolicy
+      patch: |-
+        $patch: delete
+        apiVersion: networking.k8s.io/v1
+        kind: NetworkPolicy
+        metadata:
+          name: all

kubernetes/flux/flux-prereqs.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: kube-prometheus-stack
+  namespace: flux-system
+spec:
+  interval: 12h
+  url: https://github.com/prometheus-community/helm-charts.git
+  ref:
+    # renovate: registryUrl=https://prometheus-community.github.io/helm-charts chart=kube-prometheus-stack
+    tag: kube-prometheus-stack-41.9.0
+  ignore: |
+    # exclude all
+    /*
+    # include crd directory
+    !/charts/kube-prometheus-stack/crds
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: kube-prometheus-stack-crds
+  namespace: flux-system
+spec:
+  interval: 30m
+  prune: false
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: kube-prometheus-stack
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: kyverno
+  namespace: flux-system
+spec:
+  interval: 12h
+  url: https://github.com/kyverno/kyverno.git
+  ref:
+    # renovate: registryUrl=https://kyverno.github.io/kyverno chart=kyverno
+    tag: kyverno-chart-2.6.1
+  ignore: |
+    # exclude all
+    /*
+    # include crd directory
+    !/config/crds
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: kyverno-crds
+  namespace: flux-system
+spec:
+  interval: 30m
+  prune: false
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: kyverno

kubernetes/flux/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - flux-installation.yaml
+  - flux-cluster.yaml
+  - flux-prereqs.yaml